By combining Snyk SAST and Bright DAST, users can validate their Snyk SAST issues more comprehensively. This approach reduces false positives and improves the reliability of vulnerability assessments, providing a more robust and trustworthy experience.
This is how the Snyk integration works:
- The Bright app continuously reviews all Snyk SAST issues.
- For each Snyk issue, the integration identifies the matching Bright test that can validate it.
- A list of tests is collected for each project.
- The Bright app runs selected tests and provides a list of validated issues.
- Each Bright issue is linked with a corresponding Snyk SAST issue.
Before connecting the integration, make sure you have:
- Created a project in Snyk using a service account
- Obtained the Snyk organization ID and an API key (token) for that service account
To connect Bright to Snyk, do the following:
- Open the Organization tab → Integration section
- Select Snyk → Settings
- Provide the Snyk organization ID and the organization API key and click Connect
To link a Bright project to a Snyk project, do the following:
- Create a Bright project and select its permissions
- Open the Project page → Settings → Add integration
- Select a Snyk project, associate a repository and click Save
One Bright project can be connected to only one Snyk project. To integrate additional Snyk projects, create a separate Bright project for each.
To run a validation scan, do the following:
- Open the Scans tab → Create a new scan, select the project created earlier and click Start Scan
The Snyk project determines the list of tests to perform; manual test selection in the Bright web app is unavailable for these scans.
To see the test list provided by the Snyk project, do the following:
- Open the Scans tab → select the scan
- Open the Configuration tab and scroll down to Tests to run
After the tests complete, the scan page displays the issues found. This short list contains only the vulnerabilities that Bright has tested and validated against the Snyk SAST issues.
To open the Snyk issue connected to a Bright issue, do the following:
- Open the Scan Details page → select an issue
- Open the Additional info tab. The link to the Snyk issue connected to this Bright issue is shown in the External issue services URL section.